AMENDMENTS TO THE CLAIMS 

Please amend the claims as follows: 

1 . (Currently Amended) A method for associating computer network identifications 
with network policies, said method comprising the steps of: 

analyzing a network interface associated with a client computer using a plurality 

of network detectors , including a first detector and a second detector , the 

detectors outputting a set of a plurality of netspecs, each netspec comprising a 

first token identifying a detector used for the analysis and a second token 

identifying the analyzed network interface; 
determining that the first detector that outputs a first netspec of the set of netspecs 

is more reliable in observing network interfaces than the second detector that 

outputs a second netspec of the set of netspecs; 
awarding a higher priority to the first netspec than to the second netspec in 

response to the first netspec being output by the first detector and the first 

detector being more reliable than the second detector; 
sorting the set of netspecs in a priority order based at least in part on the r e liability 

of the detectors that output the notspocs, whoroin detectors considered more 

reliable in observing network interfaces than other detectors arc awarded 

priority in the sorting; 
associating the network identifications made by the first and second netspecs of 

the set of netspecs with locations based at least in part on the priority order of 

the set of first and second netspecs; and 
feeding associated network identification/location pairs to a network interface 

module to implement desired network policies. 

2. (Original) The method of claim 1 wherein the network interface module is a module 
from the group of modules consisting of a firewall, a router, a sniffer, an intrusion detection 
module, a behavior blocking module, and a network communications module. 
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3. (Original) The method of claim 1 wherein the network interface module is a firewall, 
and a user of the client computer adjusts firewall settings to set network policies based upon 
location. 

4. (Canceled) 

5. (Canceled) 

6. (Canceled) 

7. (Previously Presented) The method of claim 1 wherein the step of associating the 
network identifications with locations comprises using a network probe to look up locations in a 
netspec database. 

8. (Currently amended) The method of claim 7 whoroin further comprising receiving 
modifications to the netspec database by a user of the client computer via a location setting 
module containing a user interface by which the users assigns a location to each of the netspecs 
or changes an existing location associated with each of the netspecs. 

9. (Previously Presented) The method of claim 1 wherein the step of feeding the 
associated network identification/location pairs to a network interface module comprises using a 
policy guide to feed the network identification/location pairs to the network interface module on 
a real-time basis. 

10. (Currently Amended) An apparatus for associating computer network identifications 
with network policies, said apparatus comprising: 

a computer-readable storage medium storing executable software means comprising: 

means for analyzing a network interface associated with a client computer using a 
plurality of network detectors , including a first detector and a second detector , 
the detectors outputting a set of a plurality of netspecs, each netspec 
comprising a first token identifying a detector used for the analysis and a 
second token identifying the analyzed network interface; 
coupled to the analyzing means, means for determining that the first detector of 
the set of netspecs that outputs a first netspec is more reliable in observing 
network interfaces than the second detector that outputs a second netspec of 
the set of netspecs; 



coupled to the determining means, means for awarding a higher priority to the 
first netspec than to the second netspec in response to the first netspec being 
output by the first detector and the first detector being more reliable than the 
second detector; 

coupled to the analyzing means, means for sorting the set of netspecs in a priority 
order based at least in part on the reliability of the detectors that output the 
netspecs, wherein detectors considered more reliable in observing network 
interfaces than other detectors are awarded priority in the sorting; 

coupled to the sorting awarding means, means for associating the network 
identifications made by the first and second netspecs of the set of netspecs 
with locations based at least in part on the priority order of the set of first and 
second netspecs; and 

coupled to the associating means, means for feeding associated network 
identification/location pairs to a network interface module to implement 
desired network policies; and 
a processor configured to execute the software means stored by the computer-readable 

storage medium. 

11. (Original) The apparatus of claim 10 wherein the network interface module is a 
module from the group of modules consisting of a firewall, a router, a sniffer, an intrusion 
detection module, a behavior blocking module, and a network communications module. 

12. (Original) The apparatus of claim 10 wherein the network interface module is a 
firewall, and the network policies are implemented on a packet-by-packet basis. 

13. (Original) The apparatus of claim 12 wherein locations are correlated with firewall 
settings on a distributed basis within the firewall. 

14. (Canceled) 

15. (Canceled) 

16. (Previously Presented) The apparatus of claim 10 wherein the associating means 
further comprises: 

a netspec database associating the netspecs with the locations. 



17. (Previously Presented) The apparatus of claim 16 further comprising, coupled to the 
netspec database, a location setting module adapted to enable a user of the client computer to 
associate the locations with the netspecs. 

18. (Previously Presented) The apparatus of claim 10 wherein the feeding means 
comprises: 

a policy guide for associating the network identifications with the locations; 
wherein 

the network interface module implements the network policies based upon the 
locations fed to the network interface module by the policy guide. 

19. (Previously Presented) The apparatus of claim 10 further comprising, coupled to the 
network interface module, a user interface adapted to enable a user of the client computer to 
associate the locations with the network policies. 

20. (Canceled) 

21. (Currently Amended) At least one computer-readable medium containing computer 
program instructions for associating computer network identifications with network policies, said 
computer program instructions performing the steps of: 

analyzing a network interface associated with a client computer using a plurality 
of network detectors , including a first detector and a second detector , the 
detectors outputting a set of a plurality of netspecs, each netspec comprising a 
first token identifying a detector used for the analysis and a second token 
identifying the analyzed network interface; 

determining that the first detector that outputs a first netspec of the set of netspecs 
is more reliable in observing network interfaces than the second detector that 
outputs a second netspec of the set of netspecs; 

awarding a higher priority to the first netspec than to the second netspec in 
response to the first netspec being output by the first detector and the first 
detector being more reliable than the second detector; 

sorting the set of netspecs in a priority order based at least in part on the reliability 
of the detectors that output the - notspocs, wherein detectors considered more 
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reliable in observing network interfaces than other detectors are awarded 

priority in the sorting; 
associating the network identifications made by the first and second netspecs of 

the set of netspecs with locations based at least in part on the priority order of 

the se^ef first and second netspecs; and 
feeding associated network identification/location pairs to a network interface 

module to implement desired network policies. 

22. (Previously Presented) The method of claim 1, wherein the client computer has a 
plurality of network interfaces and further comprising: 

analyzing each of the plurality of network interfaces using the plurality of network 
detectors; and 

analyzing the netspecs for the plurality of network interfaces output by the 
plurality of network detectors to identify a set of unique network interfaces; 

wherein interfaces in the set of unique network interfaces are associated with 
locations responsive to the priority order. 

23. (Canceled) 

24. (Canceled) 

25 . (New) The method of claim 1 , further comprising providing a user interface 
which allows a user of the client computer to set or change the priority order of the set of 
netspecs. 

26. (New) The method of claim 1 , wherein certain of the plurality of network 
detectors detect a first network interface and the netspecs output by the certain network detectors 
are awarded priority based on how reliable each of the certain network detectors is in identifying 
the first network interface, 

27. (New) The method of claim 26, wherein associating the network identifications 
with locations further comprises: 

selecting a netspec awarded a highest priority of the netspecs output by the certain 
network detectors identifying the first network interface; 
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looking up a corresponding location identifier for the highest priority netspec in a 

netspec database; and 
associating the first network interface with a location identified by the 

corresponding location identifier for the highest priority netspec. 
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